BYOD presentation Init 6 + ISSA PR Chapter joint meeting

A technical overview of the dangers of BYOD in an enterprise


  1. Obsidis Consortia, Inc. BYOD: Bring Your Own Darkside José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  2. What is OC, Inc? • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico. • OC, Inc. has developed and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
  3. Why BYOD? • What's Mine Is Mine, What's Yours Is Mine, Too • Employees Happier, More Productive? • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
  4. Why NOT? • Little or no control over devices • Privacy issues about device’s content • No jurisdiction over devices
  5. What are these devices?
  6. Laptops • Live CD/USB – Live USB Creator – Unetbootin • Virtual Machines – VMware Player – VirtualBox • Full OS on Hardware – Kali/Backtrack – Pentoo – BackBox
  7. Smartphones and Tablets • Jailbroken iOS • Rooted Android • Ubuntu Touch (Phone)
  8. Others • Home Routers – Linksys WRT-54G – Alfa Network AP-121U – TP-Link WR703N • Custom Firmware – DD-WRT – OpenWrt w/Jasager – Tomato Router
  9. Let's focus on iOS …
  10. Apple iOS AppStore Goodness • iNet • TIOD • IPScanner • zScan Pro • Whois • TCPinger • Net Utility • VNC viewer • RDP client • aSubnet • Python 2.7
  11. Cydia
  12. Jailbroken iOS • Tools – nmap, tcpdump, ettercap, aircrack-ng*, dns2tcp, netcat • Development – Python, Ruby, Perl, SQLite • OS – wget, curl, grep, sed, awk, inetutils, whois, locate • Daemons – dns, http, dhcp, ftp, vnc
  13. Installing Metasploit on iOS 1. Jailbreak your iOS devices 2. Install BigBoss Recommended Tools 3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb 4. iconv_1.14-1_iphoneos-arm.deb 5. zlib_1.2.3-1_iphoneos-arm.deb 6. metasploitframework4.5.tgz
  14. What about Android?
  15. PwnPad ($895.00) • Wireless Tools: Aircrack-ng, Kismet, Wifite, Reaver, MDK3, EAPeak, Asleap, FreeRADIUS-WPE, Hostapd • Bluetooth Tools: bluez-utils, btscanner, bluelog, Ubertooth tools • Web Tools: Nikto, W3af • Network Tools: NET-SNMP, Nmap, Netcat, Hping3, Macchanger, Tcpdump, Tshark, Ngrep, Dsniff, Ettercap-ng, SSLstrip, Hamster & Ferret, Metasploit 4, SET, Easy-Creds, John (JTR), Hydra, Pyrit, Scapy
  16. Can we be more creative?
  17. Red Teaming BYOD • Raspberry Pi ($35) – 700 MHz A7, 512MB, HD, 2 USB 2.0, Ethernet – Huge development community – Debian and Red Hat based distros • CubieBoard ($80) – 1 GHz A10, 1 GB, HD, 2 USB 2.0, Ethernet – Some community support – Ubuntu and Android • Odroid ($90) – 1.7 Quad A9, 2GB, HD, 2 USB 2.0, Ethernet – No community yet (new platform) – Ubuntu and Android
  18. Demo
  19. Open Discussion … Q & A
  20. Please visit us to keep in touch … www.ObsidisConsortia.org www.BSidesPR.org https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg https://plus.google.com/u/0/communities/102771209982001396923 https://facebook.com/obsidisconsortia https://twitter.com/BSidesPR Affiliates: www.TalktoanIT.com www.codefidelio.org www.darkoperator.com